mod_authnz_ldap and lookup

The Apache module mod_authnz_ldap allows an LDAP directory to be used to store the database for HTTP Basic authentication. This wiki page explains how to use this module in conjunction with the lookup LDAP service and mod_ucam_webauth.

Compatibility

All these examples have been tested with Apache 2.4. The same directives could be used with Apache 2.2, but that has not been tested.

Enabling modules

To enable the Apache modules that authnz_ldap needs in order to work, type:

a2enmod authnz_ldap
a2enmod ldap

Security

Add the following directive to the mod_ldap configuration to make sure that all connections made by Apache to the LDAP server are secure. Edit the file /etc/apache2/mods-enabled/ldap.conf and add:

LDAPTrustedMode TLS
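
One way to audit the setting above, as an added example that is not part of the original wiki page: these shell functions report the LDAPTrustedMode in effect in a configuration file and flag any AuthLDAPURL whose optional trailing mode parameter is NONE. The function names, the "last occurrence wins" handling and the sample input are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original page.

# Print the LDAPTrustedMode set in FILE, or UNSET. Commented lines are
# skipped and directive names are matched case-insensitively. Treating the
# last occurrence as the effective one is an assumption of this sketch.
ldap_trusted_mode() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "ldaptrustedmode" { mode = toupper($2) }
        END { print (mode == "" ? "UNSET" : mode) }
    ' "$1"
}

# Count AuthLDAPURL lines whose trailing mode parameter is NONE; that
# parameter overrides the global connection type for the URL.
ldap_url_overrides() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "authldapurl" && toupper($NF) == "NONE" { n++ }
        END { print n + 0 }
    ' "$1"
}

# Succeed only if the global mode encrypts and no URL opts out of it.
ldap_conf_is_secure() {
    case "$(ldap_trusted_mode "$1")" in
        TLS|STARTTLS|SSL) ;;
        *) return 1 ;;
    esac
    [ "$(ldap_url_overrides "$1")" -eq 0 ]
}

# Constructed sample input: a commented-out NONE plus the directive from this page.
sample=$(mktemp)
printf '%s\n' '# LDAPTrustedMode NONE' '  ldaptrustedmode tls' > "$sample"
if ldap_conf_is_secure "$sample"; then
    echo "OK: LDAPTrustedMode is $(ldap_trusted_mode "$sample")"
else
    echo "FAIL: LDAP connections may be unencrypted"
fi
rm -f "$sample"
```

To check a real server, call ldap_conf_is_secure on /etc/apache2/mods-enabled/ldap.conf and on each site file that contains an AuthLDAPURL.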

Basic documentation

Only allow access to members of any institution (InstID) in the Require list